<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 12/02/2020

SHARE

Hacking

Call Fraud Operator Ordered to Pay $9M to Victims

Indian national will serve 20 years in prison for running a large call center fraud operation. A man who owned and ran a network of call centers that defrauded US victims of millions of dollars has been sentenced to 20 years in prison and must pay out $8,970,396 to his victims. Hitesh Madhubhai Patel, aka Hitesh Hinglaj, 44, of Ahmedabad, India, will serve his sentence in federal prison plus three years of supervised release for charges of wire fraud conspiracy. READ MORE...


Electronic Medical Records Cracked Open by OpenClinic Bugs

Four vulnerabilities have been discovered in the OpenClinic application for sharing electronic medical records. The most concerning of them would allow a remote, unauthenticated attacker to read patients' personal health information (PHI) from the application. OpenClinic is an open-source health records management software, its latest version is 0.8.2, released in 2016, so the flaws remain unpatched, researchers at Bishop Fox said. The project did not immediately return Threatpost's request for comment. READ MORE...

Malware

Russian hacking group uses Dropbox to store malware-stolen data

Russian-backed hacking group Turla has used a previously undocumented malware toolset to deploy backdoors and steal sensitive documents in targeted cyber-espionage campaigns directed at high-profile targets such as the Ministry of Foreign Affairs of European Union countries. The previously unknown malware framework, named Crutch by its authors, was used in campaigns spanning from 2015 to at least early 2020. Turla's Crutch malware was designed to help harvest and exfiltrate sensitive documents. READ MORE...

Information Security

Malicious NPM packages used to install njRAT remote access trojan

New malicious NPM packages have been discovered that install the njRAT remote access trojan that allows hackers to gain control over a computer. NPM is a JavaScript package manager that allows developers and users to download packages and integrate them into their projects. As NPM is an open ecosystem, anyone can upload a new package without being reviewed or scanned for malware. While this environment has led to a repository of 1 million rich and diverse packages. READ MORE...

Exploits/Vulnerabilities

FBI and Homeland Security warn of APT attacks on US think tanks

The FBI and DHS-CISA warned of state-sponsored hacking groups targeting U.S. think tank organizations in a joint advisory published on Tuesday evening. Advanced persistent threat (APT) actors are regularly directing their attacks on such organizations and individuals associated with them who can have an important role in shaping U.S. policy and international affairs according to the two federal agencies. Heightened state of awareness recommended by federal agencies READ MORE...


Malicious or Vulnerable Docker Images Widespread, Firm Says

A dynamic analysis of the publicly available images on Docker Hub found that 51% had critical vulnerabilities and about 6,500 of the 4 million latest images could be considered malicious. More than half of the latest images available on Docker Hub have critical vulnerabilities from outdated software, while thousands of images are attack tools or other potentially dangerous software, according to an analysis of 4 million images published on Dec. 1 by Prevasio, a security startup. READ MORE...


CISA, FBI Warn of Attacks Targeting U.S. Think Tanks

Threat actors are continuously targeting United States think tanks, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warn. This persistent malicious activity, the two agencies say, mostly targets individuals and organizations that are connected to international affairs or which focus on national security policy. The adversaries, CISA and the FBI say in an advisory this week, attempt initial access through spear-phishing and third-party messaging services. READ MORE...

On This Date

  • ...in 1823, President James Monroe proclaims American neutrality in future European conflicts, and warns Europe not to interfere in American affairs.
  • ...in 1902, The first working V-8 engine is patented in France by engineer Leon Levavasseur.
  • ...in 1942, Enrico Fermi directs and controls the first nuclear chain reaction in his laboratory at the University of Chicago.
  • ...in 1968, actress and producer Lucy Liu ("Ally McBeal", "Kill Bill") is born in Queens, NY.